On Wednesday, the Multinational Sanctions Monitoring Team (MSMT), comprising 11 countries including South Korea, the U.S., and Japan, revealed that North Korea has stolen virtual assets worth approximately 4 trillion KRW (about 2.8 billion USD) through illegal cyber activities. The MSMT also issued a joint statement condemning North Korea’s actions.
This marks the second report released by the MSMT since its inception in October last year. It comprehensively addresses North Korea’s major cyber organizations, virtual asset theft and laundering, overseas information technology (IT) personnel activities, and information theft.
The report states that North Korea has stolen a total of 2.84 billion USD in virtual assets from January 2022 to September 2023, with around 1.65 billion USD taken in 2023 alone. North Korea is laundering and converting these stolen funds into cash through overseas brokers in China, Russia, Hong Kong, and Cambodia. The Reconnaissance General Bureau is believed to be orchestrating a complex network of illegal financial operations.
Additionally, the report indicates that North Korea has deployed approximately 1,000 to 2,000 IT personnel to at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania. These individuals are affiliated with organizations under United Nation (UN) sanctioned agencies such as the Ministry of Atomic Energy Industry and the Ministry of Defense Industry. They reportedly remit about half of their income back to North Korea.
Notably, the report provides specific details about North Korea’s laundering and cash-out processes, highlighting the use of Cambodia’s financial platforms, Huione Group and Huione Pay. On October 14, the U.S. government designated Huione Group as a sanctioned entity. It was revealed that North Korean nationals linked to the Reconnaissance General Bureau laundered 37.6 million USD stolen from Japan’s DMM Bitcoin using Huione Pay.
North Korean nationals closely collaborated with Huione Pay employees in virtual asset laundering operations from 2022 to 2024. Individuals associated with the sanctioned group Cheongsong Union reportedly participated in laundering funds from the 2022 Axie Infinity hack, which involved 600 million USD.
In October, the U.S. Financial Crimes Enforcement Network (FinCEN) designated Huione Group as a primary money laundering concern. Although Cambodia’s central bank revoked Huione Pay’s financial license, the platform reportedly continues to operate locally.
The Ministry of Foreign Affairs noted that this report is significant as it is the first comprehensive assessment of North Korea’s illegal cyber activities, consolidating previously fragmented information with evaluations from MSMT member countries.
The report illustrates the relationships among North Korea’s cyber organizations under the Party, government, and military. It demonstrates that nearly all malicious cyber activities and IT personnel deployments are closely linked to UN-sanctioned entities such as the Reconnaissance General Bureau, the Ministry of Defense Industry, and the Ministry of Atomic Energy Industry.
In their joint statement, MSMT member countries emphasized that North Korea continues to violate UN Security Council resolutions through cyber and IT personnel activities. They stressed the need to raise international awareness of North Korea’s malicious cyber activities and urged all member states to hold violators accountable. The statement also called for the restoration of the UN Panel of Experts on North Korea sanctions, which was disbanded due to Russia’s veto, and insisted that the international community must continue to cooperate in implementing the resolutions.
The MSMT was established in October 2022 by 11 countries, including South Korea, the U.S., Japan, the United Kingdom, France, Germany, Italy, the Netherlands, Australia, New Zealand, and Canada. Its purpose is to fill the monitoring gap that arose after the disbandment of the UN Security Council’s North Korea sanctions panel in April 2022. The MSMT previously published its first report in May, focusing on military cooperation between Russia and North Korea.